3.13.0 Release notes
This section lists the changes in version 3.13.0. More details about these changes are provided in each component changelog:
- Included the NVD as a feed for Linux agents in vulnerability detector.
- Improved the vulnerability detector engine to correlate alerts between different feeds.
- Added vulnerability detector module unit testing for Unix source code.
- Added a timeout to the updates of the vulnerability detector's feeds to prevent hangs.
- Added an option for the JSON decoder to choose the treatment of array structures.
- Added the `mode` value (real-time, Who-data, or scheduled) as a dynamic field in FIM alerts.
- Added a field to configure the maximum files to be monitored by the FIM module.
- New module to pull and process logs from Google Cloud Pub/Sub service.
- Added support for mapping rules with MITRE ATT&CK framework.
- Added Microsoft's Software Update Catalog, used by the vulnerability detector, as a dependency.
- Added support for
- Decreased the event fetching delay from 10 milliseconds to 5 milliseconds in the FIM real-time and Who-data modes.
- Who-data includes new fields: process CWD, parent process id, and CWD of parent process.
- FIM now allows files to be renamed or deleted while their hash is being calculated.
- Extended the static fields comparison in the ruleset options.
- The state field has been removed from vulnerability alerts.
- The NVD is now the primary feed for the vulnerability detector in Linux.
- Removed OpenSCAP policies installation and configuration block.
- Added `same/different_system_name` in Analysisd static filters.
- Updated the internal Python interpreter from v3.7.2 to v3.8.2.
Other fixes and improvements
- Fixed a bug that occasionally kept memory reserved when deleting monitored directories in FIM.
- Fixed an issue regarding inotify watcher allocation when modifying directories in FIM real-time mode.
- Fixed an error that caused the alerts deletion with a wrong path in Who-data mode.
- Fixed an issue that did not generate alerts in Who-data mode when a subdirectory was added to the monitored directory in Windows.
- Avoided the truncation of the full log field of the alert when the path is too long.
- When there is a failure setting policies in Windows, FIM will automatically change from Who-data to real-time mode.
- Fixed an error that prevented Windows agents from being restarted from the manager.
- Fixed an error that did not allow the usage of the `url` tag when configuring the NVD in a vulnerability detector module.
- Fixed TOCTOU condition in Clusterd when merging agent-info files.
- Fixed race condition in Analysisd when handling accumulated events.
- Avoided counting links when generating alerts for ignored directories in Rootcheck.
- Fixed typo in the path used for logging when disabling an account.
- Fixed an error when receiving different Syslog events in the same TCP packet.
- Fixed a bug in vulnerability detector on Modulesd when comparing Windows software versions.
- Fixed a bug that caused an agent’s disconnection time not to be displayed correctly.
- Optimized the function to obtain the default gateway.
- Fixed host verification when signing a certificate for the manager.
- Fixed a possible duplicated ID in `client.keys` when adding a new agent through the API with a specific ID.
- Avoid duplicate descriptors using wildcards in
- Guaranteed that all processes are killed when service stops.
- Fixed mismatch in integration scripts when the debug flag is set to active.
Wazuh Kibana App
- Support for Wazuh v3.13.0.
- Support for Kibana v7.7.1.
- Support for Open Distro 1.8.
- Added new navigation experience with a global menu.
- Added a breadcrumb in Kibana top nav.
- Added a new Agents Summary Screen.
- Added a new feature to add sample data to dashboards.
- Added MITRE integration.
- Added Google Cloud Platform integration.
- Added TSC integration.
- Added a new integrity monitoring state view for agent.
- Added a new integrity monitoring files detail view.
- Added a new component to explore compliance requirements.
- Code migration to React.js.
- Global review of styles.
- Unified Overview and Agent dashboards into new Modules.
- Changed vulnerabilities’ dashboard visualizations.
- Fixed Open Distro tenants to be functional.
- Improved navigation performance.
- Avoided creating the `wazuh-monitoring` index pattern if it is disabled.
- Fixed: SCA checks without a compliance field could not be expanded.
- Added new API requests:
- Added new filters in request
  - mitre: Filters the rules by MITRE requirement.
  - tsc: Filters the rules by TSC requirement.
- Added new filters in request
- Increased the maximum allowed size of the files to be uploaded from 1MB to 10MB. This change applies to:
- Added rules and decoders for macOS sshd logs.
- Added TSC/SOC compliance mapping.
- Added rules and decoders for PaloAlto logs.
- Added rules and decoder to monitor the FIM database status.
- Added rules for WAF.
- Changed description of vulnerability detector rules.
- Changed squid decoders.
- Fixed the provider name so that Windows Eventlog’s logs match with the Wazuh rules.
- Fixed static filters related to the
- Removed trailing whitespaces in the group name section of the ruleset.
- Removed invalid zeroes from rule IDs.
- Support for Wazuh v3.13.0